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METHOD AND DEVICE FOR INSERTING AND AUTHENTICATING 
A DIGITAL SIGNATURE IN DIGITAL DATA 



BACKGROUND OF THE INVENTION 

1> Field of the Invention 

The present invention relates generally to methods and 
devices for inserting and authenticating a digital signature in 
digital data and, more particularly, encoders and decoders for 
inserting and authenticating a digital signature and associated 
data in digital image, video, and audio data. 

2 . Prior Art 

Photographs, music and video are increasingly being 
digitally represented. There are a variety of reasons for this, 
including improved image or audio quality and more economic 
distribution capabilities. However, digital data content owners 
(hereinafter "content owners") are increasingly aware of the 
associated risks of piracy and considerable effort has been 
directed towards minimizing this risk. Digital watermarking is 
one tool that has received attention for minimizing these risks. 
An early focus was on the design of watermarks that were not 
perceptible yet survived many forms of common signal processing 
such as MPEG -2 or JPEG compression. 

It is known in the art that there is also a need for 
fragile watermarks, e.g. watermarks that do not survive simple 
image processing operations. The purpose of these fragile 
watermarks is to provide a viewer with an indication of whether 
an image has been tampered with. The integrity of digital images 
is increasingly of concern since many low cost software systems 
allow very sophisticated image editing capabilities that can 



seamlessly alter an image. Currently, photographs are considered 
excellent evidence to support descriptions of events. However, 
this may change, if widespread "doctoring" of images leads the 
general public to become suspicious of the authenticity of an 
image , 

These issues have also been addressed in the art. The 
solution has been one based on classical cryptography within 
which authentication is well understood. The basic idea behind 
cryptographic authentication is to pass the data through a one- 
way hash function resulting in an N-bit hash. The N-bit hash is 
then encrypted using the private key of a public key encryption 
algorithm to form a digital signature. To authenticate the data, 
the data in question is once again hashed and this N-bit sequence 
is compared with the digital signature that is decrypted using 
the associated public key. 

A disadvantage of the system as it was originally 
proposed for a image data was the need for two files, one 
containing the image and the other containing the signature. 
Authentication requires the presence of both files, which can be 
a nuisance since it is very easy, for example, to transmit an 
image but forget to transmit the associated signature. Ideally, 
a single file would suffice. An obvious solution would be to 
concatenate the signature into the header of the image file 
format. However, this solution is problematic when images are 
converted between various file formats, e.g. tiff, bmp, etc. 

Recently, Wong [P. H. Wong, "A Public Key Watermark for 
Image Verification and Authentication", Int. Conf, On Image 
Processing, 455-459, Oct. 1998] proposed a straightforward way to 
insert a function of the signature into the image itself. Such a 
system has the advantage of being unaffected by changes in image 
file formats and does not need any form of meta-data. 
Authentication is performed on independent blocks of the image. 



For each block, X"", the least significant bit of each pixel is 
set to zero. This modified block is then passed through a hash 
function, together with the original image width and height 
information. The output of this hash function is then exclusive 
OR'ed (XOR'ed) with a corresponding set of bits, to form a 
signature, which is public key encrypted such that C^=E^, (^r) 
and is inserted into the least significant bit (LSB) of the 
block to form a watermarked image block Y^. Wong teaches that 
is a binary image or pattern whose dimensions must be less than 
or equal to the length of the hash. The purpose of the XOR is to 
scramble the binary image, B^. Subsequently, at decoding, the 
LSB plane of each block is decrypted using the associated public 
key and it is XOR'ed with the hash of the block after setting the 
least significant bits of the block to zero. If the block is 
authentic, i.e. unchanged, then the result is once again B^, 
i.e., XORing a second time with the same hash value unscrambles 
the pattern B^. Otherwise, the pattern remains scrambled. 
Authentication of the image is performed by visual inspection of 
the patterns, B'^, though in practice, a computer could perform a 
bit-wise comparison of B^. and B\. Strictly, such a scheme only 
authenticates the most significant bits of each pixel since the 
LSB is altered so as to carry the corresponding encrypted 
signature . 

Others in the art have described situations in which 
rightful ownership could not be resolved by a straightforward 
application of watermarking. In particular, they identified a 
situation in which anyone could claim ownership of a watermarked 
image through a process whereby a counterfeit watermark is 
inserted. They proposed a solution to this problem using a 
method called "non- invertible" watermarking. The basic idea 
behind this method is to construct a watermark based on a non- 
invertible function of the original image. An example of a non- 
invertible function is a one-way hash function commonly used in 
cryptography. Such a function takes a string of bits as input 
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and outputs a finite, for example, a 1000 -bit output. However, 
given the 1000 -bit output, it is computationally infeasible to 
determine the corresponding input. It should be noted that such 
a watermark can only be read by the content owner or someone in 
5 possession of the original image or its hashed key. Thus, a 
public watermark, i.e. a watermark that can be read by anyone, 
cannot be non- invertible or, at least, the benefits of non- 
invertiblity are lost since all readers must have knowledge of 
the hashed value. 

10 Furthermore, authenticating an image that is to be 
subsequently compressed and later decompressed is troublesome 
with the methods and devices of the prior art. Many in the art 

g have looked at this problem from the perspective of 
5 authentication schemes that survive JPEG compression. That is, 

;|5 while the digital data has been altered by the lossy compression, 
the image is essentially the same. 

11 SUMMARY OF THE INVENTION 

% In the methods and devices of the present invention a 

ry signature is inserted into predetermined bits of digital data for 

^3o authentication of the digital data. Alternatively, both the 
.'S digital data and some associated information are both 

authenticated. This associated information might include 

copyright notices, owner identification, amongst other things. 

This information may be embedded into the image in a variety of 
25 ways, as have been discussed in the watermarking literature. This 

embedding is performed prior to signing (creating the digital 

signature by hashing and encrypting) . 

In a version of the methods and devices of the present 
invention, we are concerned with the situation in which a 
30 compression algorithm is well known to the authentication system. 
This approach is applicable to, for example a JPEG compressed 



image or MPEG compressed video. In particular, the present 
invention is applicable to the problem of authentication within a 
digital camera or other image generation devices, though the 
solution is not limited to such a situation. Digital cameras 
with resolutions of IKxlK produce very large amounts of data 
which must be both stored and possibly transmitted from the 
camera to a computer. To expedite this process, it is expected 
that such data will be compressed in order to reduce the storage 
and bandwidth requirements. However, when the image is 
eventually decompressed, the viewer must still be able to 
authenticate the image. 

In yet another version of the methods and devices of 
the present invention not only is digital data signed for 
authentication purposes but it is also time stamped in order to 
be able to prove the time of origin. A further refinement of 
this system is to time stamp the image with both time and place 
of the image generation device, the latter information preferably 
being available through a Global Positioning Satellite (GPS) 
receiver. 

Accordingly, a method for inserting a digital signature 
into digital data is provided. The digital data comprises bits 
and the method comprising the steps of: assigning predetermined 
bits of the digital data for receiving the digital signature; 
signing the digital data excluding the predetermined bits 
resulting in the digital signature; and inserting the digital 
signature into the predetermined bits of the digital data for 
subsequent authentication of the digital data. 

Also provided is a method for authenticating digital 
data having the embedded digital signature in the predetermined 
bits of the digital data. The method comprises the steps of: 
extracting the digital signature from the predetermined bits; 
decrypting the digital signature from the digital data resulting 
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in a first hash; applying a one-way hashing function to the 
digital data excluding the predetermined bits resulting in a 
second hash; and comparing the first hash to the second hash 
wherein if the first hash matches the second hash the digital 
5 data is authentic. 

In a preferred version of the methods of the present 
invention, the signing step comprises: applying a one-way hashing 
function to the digital data excluding said predetermined bits 
resulting in a hash; and encrypting the hash. 

10 In yet another preferred version of the methods of the 

present invention, the method further comprises the step of 

O inserting associated data into the digital data prior to the 

JtJ signing step such that the digital signature authenticates both 

C the associated data as well as the digital data. Preferably, the 

^^5 associated data is inserted into the bits of the digital data 

m excluding the predetermined bits. 

Also provided are encoders and decoders for carrying 
r.p out the methods of the present invention. 

J5 BRIEF DESCRIPTION OF THE DRAWINGS 

2 0 These and other features, aspects, and advantages of 

the methods of the present invention will become better 
understood with regard to the following description, appended 
claims, and accompanying drawings where: 

FIG. lA illustrates a digital image or an image frame 
2 5 of a digital video sequence, wherein the image or image frame 
comprises digital data defining a plurality of pixels. 
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FIG. IB illustrates the image or image frame of FIG. 
lA showing the bits comprising each of the plurality of pixels, 
from a most significant bit to a least significant bit. 

FIG. IC illustrates the image or image frame of FIG. 
5 lA represented as bit planes, from a most significant bit plane 
to a least significant bit plane. 

FIG. ID illustrates the image or image frame of FIG lA 
in which the digital data is transformed into a frequency domain 
having a high and a low frequency component. 

10 FIG. IE illustrates audio digital data represented as 

bit planes, from a most significant bit plane to a least 
m significant bit plane. 

FIG. 2A is a flowchart illustrating a preferred method 
^0 of inserting a digital signature into digital data of the present 
:5:5 invention, 

O FIG. 2B is a flowchart illustrating a preferred method 

2! of authenticating digital data having an embedded digital 

□ signature in predetermined bits of the digital data. 

FIG. 3 is a schematical illustration of a device for 
2 0 signing and/or time stamping digital data for subsequent 

authentication of the both the digital data and the time stamp. 

FIG. 4 is a schematical illustration of a device for - 
inserting data into a digital having means for receiving the 
inserted data from an external source. 

25 FIG. 5 is a schematical illustration of a device for 

inserting data into digital data having a recognition means for 
recognizing a user of the device and wherein the inserted data is 
an identifier which identifies the recognized user of the device. 
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DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Although this invention is applicable to numerous and 
various types of digital data, it has been found particularly 
useful in the environment of digital image data generated with a^ 
5 digital camera. Therefore, without limiting the applicability of 
the invention to image data or a digital camera, the invention 
will be described in such environment. However, those of 
ordinary skill in the art will recognize that the methods and 
devices of the present invention are equally applicable to 
10 digital video and digital audio data and any type of digital data 
generation device. 

5. Before discussing the present invention, a brief 

overview of a digital image will be discussed with reference to 
i- FIGS. lA-lD. FIG. lA illustrates a digital image 100. The 
=^5 digital image 100 can also be an image frame from a sequence of 
01 image frames in digital video. The digital image is represented 

p., by a plurality of image pixels 102, one of which is illustrated 

=p in the lower right corner of the image 100. Referring now to 

'il FIG. IB, each pixel is defined by a plurality of bits 104, from 

v|0 a most significant bit (MSB) 106 most visually perceptible to the 
human eye, to a least significant bit (LSB) 108 least visually 
perceptible to the human eye. As can be seen in FIG. IC, each 
corresponding bit for the pixels comprising the image 100 make a 
bit plane. All of the most significant bits 106 of the image 
25 pixels 102 comprise a most significant bit plane 110. Similarly, 
all of the least significant bits 108 of the image pixels 102 
comprise a least significant bit plane 112. FIG. IE illustrates 
corresponding digital data from a time series such as audio data. 
The audio digital data is represented as samples (columns) 124, 
3 0 wherein each sample is represented by a most significant bit 106 
down to a least significant bit 108, The rows of corresponding 
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bits are referred to herein as planes, even though they are 
single rows, from a most significant bit plane 110 to a least 
significant bit plane 112. 

The representation of the image 100 in the order of the 
5 significance of the bits which define the pixels is but one way 
of representing the digital data as the image. Generally, the 
digital data comprises a plurality of samples, each of the 
samples being defined by a plurality of bits, wherein the samples 
are pixels for image data, time samples for audio data, and 

10 spatial temporal samples for video data. The method would then 
transform the plurality of bits into an alternative 
representation having at least first and second characteristic 

=0 components. The predetermined bits comprise one of the first and 
second characteristic components. If associated data is also to 

.p5 be inserted, the associated data is inserted into at least a 
portion of the second characteristic component, 

=: One such way to define the image is to transform the 

digital data into a frequency domain 114 as illustrated in FIG. 

^Ij ID. In the frequency domain, the image 100 is transformed into 

yo components of high and low frequencies, 115, 118, respectively. 

m3 The high frequency component 116 being less perceptible to the 

human eye than the low frequency component 118, Preferably, the 
predetermined bits comprise a portion of the high frequency 
component and the associated data, if any, is inserted in the 
25 remaining high frequency component and/or the low frequency 
component , 

The number of bits needed to sign (insert a digital 
signature) or authenticate the image 100 is very small, 
preferably between 128 and 256 bits. This is especially true 
30 when compared with typical image dimensions of 512x512x24 bits. 
Typically, the digital signature is inserted into the LSB plane 
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because it is the plane which is least perceptible to the human 
eye. However, it is entirely unnecessary to alter all the least 
significant bits of the image 100, only a portion of the LSB 
plane 120 need be altered by the insertion of the digital 
5 signature. Thus, a simple signing procedure inserted into the 
portion 12 0 of the LSB plane provides a basic authentication 
procedure with the minimal alteration of the original image. 

The basic insertion method of the present invention is 
illustrated in some of the steps of FIG. 2A. In step 200, the 
10 digital data is provided which defines the digital image (or 

alternatively, digital video or audio) . In step 202, 
O predetermined bits of the digital data is assigned for subsequent 

S insertion of a digital signature. Preferably, the predetermined 
^fl bits comprise at least a portion of the LSB plane 120, however 

^5 any portion of the digital data can be assigned as the 
III predetermined bits. The number of the predetermined bits is 

r preferably the same as the number of bits in the digital 

D signature. However, the number of the predetermined bits can 

ni alternatively be larger than the size of the digital signature to 

9o allow for insertion of more than one digital signature or other 
data. 

Next, the digital data excluding the predetermined bits 
is signed resulting in the digital signature. Any signing method 
known in the art can be used without departing from the scope or 

25 spirit of the present invention. Preferably, the signing is 

accomplished by first applying a one-way hashing function to the 
digital data excluding the predetermined bits resulting in a hash 
(or hash value) . This is shown at step 210. The hash is then 
encrypted at step 220 resulting in the digital signature. The 

3 0 digital signature is then inserted into the predetermined bits of 
the digital data at step 226. The remaining steps illustrated in 
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the flowchart of FIG. 2A are preferable or alternative steps to 
the method previously described. 

The basic method of the present invention for 
authenticating the digital data once the digital signature has 
5 been inserted into the predetermined bits will now be described 

with reference to FIG. 2B. At step 228 the digital signature is 
extracted from the known location of the predetermined bits 120. 
At step 23 0 the digital signature is decrypted from the digital 
signature resulting in a first hash. At step 232, a known one- 
10 way hashing function which is used to encode the digital data is 

applied to the digital data excluding the predetermined bits 
Q resulting in a second hash. At step 234, the first has and the 

?t second hash are compared and there is a determination of whether 

m or not they match (step 236) . If the first and second hashes 

35 match (step 238) the digital data is authenticated, if they do 
W not match (step 240) the digital data is not authenticated. The 

remaining steps illustrated in the flowchart of FIG. 2B are 
O preferred steps corresponding to some of the preferred steps of 

;|j FIG. 2A, which will be discussed below. 

'20 A limitation of this method is that it does not 

localize the region of the image that has been altered. Rather, 
the algorithm simply declares that the image is or is not 
authentic. There are many situations where this is adequate. 
However, it is straightforward to extend this approach to a block 
25 based method in which each block is independently signed. 

Further, the signature need not be placed in the LSB's of an 
image. The key property is that the image is partitioned into 
two disjoint partitions. The first partition must capture the 
key properties that must be authenticated. The second partition 
30 is a preferably redundant, possibly perceptually insignificant 
region of the image. For example, a frequency based system is 
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also possible in which the image (or subimages) are first 
transformed into the frequency domain 114, Next, the low 
frequency perceptually significant components 118 of the image 
100 are authenticated while high frequency (perceptually 
5 insignificant) coefficients 116 are used to hold the digital 
signature. Many other variations are possible, including 
inserting into the least significant bits of the transformed 
domain. 

Of course, it is well known that changes to the LSB of 
10 almost all images cannot be discerned. Thus, the other least 

significant bits, e.g. (512x512x1 - the number used for the 
□ digital signature) offer an opportunity to embed or insert more 
;K information in the image (step 208) , referred to herein as 

=o associated data. Methods of the prior art do not efficiently 

.^5 utilize these bits since the prior art methods require 
IFI modification of all the least significant bits of a block. An 

alternative version of the present invention is to simply use 
O this large set of remaining bits to encode additional information 

associated with the image. Such information could include, but 
Qo is not limited to the photographer's name, copyright permissions, 
a public key needed to decrypt the digital signature, a source or 
owner of the digital data such as a photographer who took the 
digital image, and Internet (URL) addresses. Alternatively, the 
associated data 122 can comprise at least two fields 122a, 122b 

2 5 each having separate data which may be dependent or independent 

from each other. For example, one field 122a may contain data 
identifying a public key needed to decrypt the digital signature 
and the second field 122b may contain data identifying the owner 
of the public key contained in the first field 122a. The content 

3 0 owner may choose to encode some of this information in the clear, 

i.e. unencrypted while other fields may be encoded. 
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Preferably, the associated data is treated as part of 
the image and is signed as well. Thus, not only is the image 
content authenticated but the associated information is as well. 
The associated data is illustrated in FIG. IC as reference 
5 numeral 122 and is preferably inserted into the LSB plane in a 
portion excluding the predetermined bits which contain the 
digital signature. It should be apparent to those skilled in the 
art that embedding the associated data 122 in the remaining 
portion of the LSB plane 108 is only a preferable implementation 
10 of the methods of the present invention, and is given by way of 
example only. The associated data may be embedded in a variety 
of other ways, many of which have been described in the prior 
■J watermarking art. 

^fl It should be apparent to those skilled in the art, that 

the LSB plane exists analogously in other digital content forms. 
W Generally, the digital data can be said to comprises a plurality 

r of samples, wherein each of the samples are defined by a 

O plurality of bits in the digital data, from a most significant 

m bit to a least significant bit. In the case of digital image 

^0 data, each sample is an image pixel, in digital video, each 
,S sample is a spatial temporal sample, while in digital audio, each 

sample is a time sample. 

In an alternative version of the insertion methods of 
the present invention, the digital data comprises a plurality of 

25 samples, audio, video, or image. In this alternative, the least 
significant bit plane in the digital data is ignored. The 
associated data is concatenated to the digital data having the 
ignored least significant bit plane. The digital data having 
concatenated associated data is then signed resulting in the 

3 0 digital signature which is inserted in the predetermined bits. 
Where ignoring not only means that the least significant bit 
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plane is not passed through the hash, but can also mean that all 
the bits in the LSB plane are set to 0 or 1 or to an arbitrary 
pattern, etc. 

The methods of the present invention are not limited to 
signing the entire digital data, Subregions may also be signed. 
However, it should be apparent to those in the art that if the 
signature remains 12 8 bits in length, then there are 12 8N bits 
used for signing when the image is partitioned into N blocks. 
Thus, there may be a tradeoff between localization of the 
tampering and the amount of additional information that can be 
embedded into the image, especially if the LSB's are used to 
store the associated data and the signatures. In the limit, if 
each subblock only contains 12 8 pixels, then there is not 
additional capacity available in the LSB plane. Note, however, 
that Wong requires each sub -block to be less than or equal to the 
hash length, while the methods of the present invention 
preferably require each sub -block to be greater than or equal to 
the hash length. 

Despite the very rapid progress in data storage and 
transmission rates, images still require very significant amounts 
of bandwidth and storage. Consequently, in many cases, the 
content owner will require that the digital data be compressed, 
e.g. JPEG for an image, or MPEG for video, for economic reasons. 
In such a situation it is desirable to sign the compressed image 
and, after decompression, have a signed image. 

Referring back to FIG. 2A, it is first determined 
whether the digital data is compressed at step 204. If the data 
is not compressed the method follows to sign the digital data as 
previously described. If the digital data is compressed, the 
digital data is decompressed at step 206 such that a signature 
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can be computed at steps 210 and 220. The digital signature is 
then be inserted into a header of the compressed file at steps 
222 and 224, Preferably, the decompression algorithm used is 
modified such that after decompression of the image, the 
signature present in the header is copied to the corresponding 
predetermined bits of the decompressed image. 

Referring now to FIG, 2B, when the compressed file 
with the digital signature in the header is authenticated, the 
compressed file is decompressed at step 242 and the digital 
signature in the header is inserted into the predetermined bits 
of the digital data at step 244. If the digital data also 
contains associated data (step 246, YES decision) , the associated 
data may be inserted in the header at step 224 and into the 
digital data at step 248 after decompression at step 242. 
Alternatively, the associated data may be inserted into the image 
prior to compression and in such a manner that the associated 
data survives the compression step. The method for 
authenticating the digital signature (and associated data if 
present) then follows steps 228 to 240 as previously described 
above . 

Alternatively^, the authentication capabilities of the 
methods of the present invention are extended to include time 
stamping which comprises inserting time data into the digital 
data for identifying the time the digital data was created. 
Referring back to FIG. 2A, the basic procedure for time stamping 
digital data consists of first passing the digital data through a 
one-way hash function 210 as previously described. If the 
digital data is to be time stamped (step 212, Yes Decision), the 
one-way hash and signature are transmitted to a trusted third 
party which concatenates the hash, signature, and time data at 
step 214 and passes the hash, signature, and the current 
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time/date (time data) through another round of one-way hashing at 
step 216. This hash is then encrypted at step 218 using a public 
key encryption method and the encrypted signature and time data 
are returned to the content owner. The signature and time data 
5 can again be encoded in some portion of the predetermined bits of 
the digital data at step 226 as previously described. In such a 
manner, it is possible to both prove that the image has not been 
tampered with and to determine a date by which the original 
content must have existed. It should be apparent to those 
10 skilled in the art that any time stamping procedure known in the 
art can be used without departing from the scope or spirit of the 
present invention . 

:J=! This arrangement requires a trusted third party 

43 stamping organization. Typically, such an organization is 

%5 accessible over a network, e.g. the Internet. However, such a 
if! configuration is not practical for immediately time stamping 

images generated by an image generation device, such as those 
O taken by a digital camera, since the digital camera may not have 

J access to the trusted third party.. Referring now to FIG. 3, an 

3o alternative arrangement is to equip each digital camera or image 
'J. generation device 300 having digital data generation means 301, 

such as a digital scanner or digital video camera, with a 
semiconductor chip 302 having a tamper resistant clock 3 04 and a 
tamper resistant time stamping circuit 306 such as a public key 

2 5 encryption system that can serve the same roll as the trusted 

third party. Such a device 300 would preferably have its private 
key embedded in a memory 3 08 such that it was inaccessible. The 
tamper resistant clock would be set at the factory and also be 
unalterable by any user. Preferably, the corresponding public 

3 0 key is placed in the clear (unencrypted) within a field of the 

LSB's of the image. The digital data is then signed by a signing 
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means 303 using the private key from memory 308, If associated 
data is to be inserted, an associated data insertion means 305 
inserts the associated data into the digital data before signing 
by the signing means 303. The associated data (if any), 
5 signature, and time stamp (if any) are then supplied to an 

insertion means 307 for insertion of the signature and/or time 
stamp resulting in signed and/or time stamped digital data. 

Such tamper resistant hardware could also provide 
information other than time. For example, referring to FIG. 4, 
10 it is possible that image generation devices 300 also be equipped 

for receiving data such as the associated data, from an external 
O source 402, such as a GPS (Global Positioning Satellite) 

m transmission with a reception means 404 such as an antenna. In 

'D such circumstances, it is possible to verify not only the time 

Js the digital data was created (e.g., the time the photograph was 

taken) but also the location. In such a method the image 
r generation device 300 would receive the data to be inserted, 

'3 preferably an RF (radio frequency) transmission such as from a 

m GPS transmission, insert the data into the digital data, and then 

%0 authenticate the digital data as well as any associated data 
5 inserted therein as previously described. The external source 

can also be an internet link 406 in which the image generation 
device 400 is linked with a personal computer 408 having access 
to the internet 408 and capable of receiving the data 
25 transmission from an internet site. The data can be downloaded 

fro the digital camera or other image generation device 3 00 via a 
memory card slot or through a cable interface 412 connected to 
the personal computer 408. 

In the case of digital cameras or other digital content 
3 0 creation devices, authentication and time stamping require the 
use of a public key encryption system. The device encrypts the 
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signature and/or time stamp using the camera's private key. The 
reader must then have knowledge of the corresponding public key 
in order to, say, authenticate the image. However, there are 
potentially millions of such devices in existence. One important 
5 use for the LSB's of an image is to hold the corresponding public 
key of the device, such as a camera so as to enable 
authentication. However, at this point all that can be confirmed 
is that a specific camera captured the image. The viewer does not 
know who took the photograph. 

10 In an alternative version of the methods of the prior 

art, this knowledge can also be provided by allowing the 
O photographer (user) to program his/her camera (image generation 

m device) with his/her name and public and private keys. The 

■fi photographer's name, say Adam, and public key may be placed in 

the clear in a field within the LSB's of the image (digital data) 
2 that are also authenticated. The image, together with all the 

r LSB's except those that are used to store the signature are then 

first signed by the camera using its private key. Next this 
fu signature is encrypted using the photographer's private key. 

.Ho Several levels of signing are possible. This allows 

the image to be signed by the camera (indicating that the data 
has not been processed subsequent to its recording from the CCD 
array) , the photographer (identifying the person responsible for 
the image) , the distributor, etc. However, earlier levels of 

25 signing must leave bits available to accommodate the next level 
signature and possible associated data. For example, a digital 
camera might sign all the image bits except the LSB plane and 
insert its signature into a predetermined field in the LSB plane. 
Next, the photographer (either within the camera or on a PC) 

30 might insert associated data into other fields of the LSB plane 
and then sign these fields together with the signature from the 
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camera. This second signature would be placed in another 
predetermined field of the LSB plane. Other iterations are 
possible, provided there is space remaining in the predetermined 
bits to store the signature. Note that the photographer signed 
the associated data and the camera's computed signature. This is 
sufficient to know that the photographer took the image, even 
though the second level of signing did not explicitly sign the 
image. However, this is an alternative method but is not the 
preferred embodiment since the hashing of the image data a second 
time is unnecessary given the signature from the camera. 

Referring now to FIG. 5, a further refinement to 
programming the camera with a photographer's public and private 
keys would involve equipping the digital data generation means 
300, i.e., camera, with a recognition means 502 such as a 
biometric identification system like a low cost fingerprint 
recognition system. The camera could then be programmed with the 
information of several photographers and would select the correct 
one based on the fingerprint of the person holding the camera 
300. 

In other words, the image generation device 3 00 as 
illustrated in FIG. 3 having digital data generation means 301 or 
other encoding device, would additionally have the recognition 
means 502 and the memory 308 would further store an identifier 
corresponding to each of at least one user of the device in one 
field 308a of the memory 308. The identifier is preferably a 
name of the photographer or other identifier such as a social 
security number. Preferably, a private key associated with each 
user is stored in a second field 308b in the memory 308. The 
recognition means 5 02 recognizes one of the users whose 
identifier is stored in the first field 308a of the memory 308. 
The identifier corresponding to the recognized user is output to 
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the associated data insertion means 305 as associated data. 
Preferably, the recognized user's private key is output from the 
second field 308b of the memory 308 for use by the signing means 
303 to sign the digital data, so that one can guarantee that the 
5 data (image) was never doctored or manipulated by secondary 

processing. As in the embodiment of FIG. 3, the associated data 
(if any) , the time stamp (if any) , and the signature are supplied 
to the insertion means 307 for insertion of the signature and/or 
time stamp resulting in signed and/or time stamped digital data. 
10 However, the digital data can also be signed after subsequent 
processing, such as in a P. C. In the case of a digital image 
taken by a digital camera, the digital image can first be loaded 
Q into a P.C. and manipulated with standard software known in the 

m art, and then signed, wherein the manipulated image is 

'Ms subsequently authenticated. 

Note that while the preferred embodiment has this 
r second round of encryption occurring within the camera, this is 

y not essential. For example, the image signed by the camera could 

m be downloaded by the photographer onto a PC where an application 

41 0 program would perform the second round of encryption. In fact, 
for digital cameras that do not support authentication, all of 
the above procedures could be performed offline by a PC. The 
benefit of a camera based system is that the authentication is 
performed automatically after each photograph is taken. However, 
25 it is apparent that the photographer could be responsible for 
signing his work using a PC and associated software. 

A viewer first decrypts the signature using the 
photographer's public key, available in a field within the LSB's 
of the image. This result is then decrypted using the camera's 
30 public key, also available within a field of the LSB's of the 

camera. At this point, the decrypted signature can be compared 
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with the hash of the image and data to determine the authenticity 
of the whole. 



Assuming that the authentication is positive, the 
viewer at this point only knows that someone claiming to be Adam 
5 was the source of the image. However, there is nothing to 

prevent someone from impersonating Adam. One last step therefore 
remains to be absolutely certain that the photographer is indeed 
Adam. The viewer must verify that Adam's public key is indeed 
Adam's. There are a variety of ways that this can be 
10 accomplished. For example, a trusted third party might provide a 

database listing photographers and their associated public keys. 
O Such a database might be provided by a not-for-profit 

iti professional photographic body or commercial entity. Such a 

^fl database might be online and/or periodically published much like 

'^5 a telephone directory. A less centralized solution might involve 
If: accessing the homepage of Adam on the Internet, where his public 

key would be printed. Of course, the impersonator would also be 
G aware of Adam's public key. However, since he does not know 

II" Adam's private key, it is impossible for him to correctly encrypt 

Qo the signature. This is the great strength of public key 
.5^ encryption systems. 

A further refinement of the system can be developed 
when it is realized that a photographer may have many cameras. 
In such a situation, the photographer may desire that all cameras 
25 owned by him use a single private key associated with the 

photographer. This is in contrast to an individual key for each 
camera. Nevertheless, the tamper resistant chip could also 
include the serial number of the camera, thereby identifying 
which of the photographer's cameras actually took the picture. 
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It should also be apparent that while this description 
has focused on still images, the methods are also applicable to 
video, audio and multimedia forms of content. 

While there has been shown and described what is 
considered to be preferred embodiments of the invention, it will, 
of course, be understood that various modifications and changes 
in form or detail could readily be made without departing from 
the spirit of the invention. It is therefore intended that the 
invention be not limited to the exact forms described and 
illustrated, but should be constructed to cover all modifications 
that may fall within the scope of the appended claims. 
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WHAT IS CLAIMED IS: 



1 1, A method for inserting a digital signature into 

2 digital data, the digital data comprising bits, the method 

3 comprising the steps of: 

4 assigning predetermined bits of the digital data 

5 for receiving the digital signature; 

6 signing the digital data excluding the 

7 • predetermined bits resulting in the digital signature; and 

8 inserting the digital signature into the 

9 predetermined bits of the digital data for subsequent 

0 authentication of the digital data. 

1 2. The method of claim 1, wherein the signing step 

2 comprises: 

3 applying a one-way hashing function to the digital 

4 data excluding said predetermined bits resulting in a hash; and 

5 encrypting the hash. 

1 3. The method of claim 1, wherein the digital data is 

2 selected from a group consisting of image data, video data, and 

3 audio data. 

1 4. The method of claim 1, further comprising the step 

2 of inserting associated data into the digital data prior to the 

3 signing step such that the digital signature authenticates both 

4 the associated data as well as the digital data. 
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1 5. The method of claim 4, wherein the associated data 

2 is inserted into the bits of the digital data excluding the 

3 predetermined bits. 

1 6. The method of claim 4, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 

3 defined by a plurality of the bits, from a most significant bit 

4 to a least significant bit, all of the least significant bits 

5 defining the plurality of samples comprising a least significant 

6 bit plane, wherein the predetermined bits comprise at least a 

7 portion of the least significant bit plane. 

1 7. The method of claim 6, wherein the digital data is 

2 an image and each sample is an image pixel. 

1 8. The method of claim 6, wherein the digital data is 

2 video and each sample is a spatial temporal sample. 

1 9. The method of claim 6, wherein the digital data is 

2 audio and each sample is a time sample. 

1 10. The method of claim 6, wherein the associated data 

2 is inserted into at least a portion of the remaining least 

3 significant bits in the least significant bit plane, 

1 11. The method of claim 4, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 

3 defined by a plurality of the bits, further comprising the step 

4 of transforming the plurality of bits into an alternative 

5 representation having at least first and second characteristic 

6 components, wherein the predetermined bits comprise the first 

7 characteristic component. 
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1 12. The method of claim 11, wherein the digital data 

2 is an image and each sample is an image pixel. 

1 13 • The method of claim 11, wherein the digital data 

2 is video and each sample is a spatial temporal sample. 

1 14. The method of claim 11, wherein the digital data 

2 is audio and each sample is a time sample. 

1 15. The method of claim 11, wherein the associated 

2 data is inserted into at least a portion of the second 

3 characteristic component. 

1 16. The method of claim 15, wherein the alternative 

2 representation is a frequency domain representation having high 

3 and low frequency components, wherein the first characteristic 

4 component is a portion of the high frequency component and the 

5 second characteristic component is the remaining high frequency 

6 component and the low frequency component. 

1 17. The method of claim 4, wherein at least a portion 

2 of the associated data comprises data identifying a public key 

3 needed to decrypt the digital signature. 

1 18. The method of claim 4, wherein the associated data 

2 comprises data identifying a source of the digital data. 

1 19. The method of claim 4, wherein the associated data 

2 comprises data identifying the identity of an owner of the 

3 digital data. 
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1 20. The method of claim 19, wherein the digital data 

2 is an image and the associated data comprises data identifying a 

3 photographer of the image. 

1 21. The method of claim 4, wherein a portion of the 

2 associated data is encrypted and a remaining portion of the 

3 associated data is unencrypted. 

1 22. The method of claim 4, wherein the associated data 

2 comprises at least two fields. 

1 23. The method of claim 22, wherein at least one of 

^ the fields comprises data identifying a public key needed to 

jD3 decrypt the digital signature. 

24. The method of claim 23, wherein at least one other 
;^2 field comprises data identifying the owner of the public key. 

%J- 25, The method of claim 4, further comprising the step 

,p2 of receiving the associated data from an external source. 

26. The method of claim 25, wherein the external 
source is a Global Positioning Satellite transmission. 

1 27. The method of claim 1, wherein the digital data is 

2 compressed using a compression standard resulting in a 

3 compressed file, wherein the method further comprises the steps 

4 of : 



5 
5 
7 



creating a decompressed file prior to the signing 
step; signing the decompressed file resulting in the digital 
signature; and 
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8 inserting the digital signature into a header in 

9 the compressed file instead of inserting the same into the 
10 digital data. 

1 28, The method of claim 21 , wherein the digital data 

2 is an image and the compression standard is JPEG. 

1 29. The method of claim 27, wherein the digital data 

2 is video and the compression standard is MPEG. 

3 30. The method of claim 4, wherein the digital data is 

4 compressed using a compression standard resulting in a 

g5 compressed file, wherein the method further comprises the steps 
of: 

.p7 creating a decompressed file prior to the signing 

(fl^ step; 

"l^S inserting the associated data into the 

::BL0 decompressed file; 

.7|1 signing the decompressed file resulting in the 

^^.2 digital signature; and 

13 inserting the digital signature and associated 

14 data into a header in the compressed file instead of inserting 

15 the same into the digital data. 

1 31. The method of claim 30, wherein the digital data 

2 is an image and the compression standard is JPEG. 



1 32. The method of claim 30, wherein the digital data 

2 is video and the compression standard is MPEG. 
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1 33. The method of claim 4, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 

3 defined by a plurality of the bits, from a most significant bit 

4 to a least significant bit, all of the least significant bits 

5 defining the plurality of samples comprising a least significant 

6 bit plane, wherein the method further comprises the steps of: 

7 ignoring the least significant bit plane in the 

8 digital data; 

9 concatenating the associated data to the digital 
10 data having the ignored least significant bit plane prior to the 

f^l signing step; 

'^2 performing the signing step to the digital data 

M.3 having concatenated associated data resulting in the digital 

S4 signature; 

wherein the predetermined bits comprise at least a 

.e2L6 portion of the least significant bit plane and the associated 

%1 data is inserted into at least a portion of the remaining least 

=3.8 significant bits in the least significant bit plane. 

1 34. The method of claim 1, further comprising the 

2 steps of: 

3 providing time data identifying the time the 

4 digital data was created; 

5 concatenating the hash and the time data; 



6 applying a one-way hashing function to the 

7 concatenated hash and time data resulting in a second hash; and 
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8 encrypting the second hash instead of the first 

9 hash to result in a time stamp containing the digital signature, 

0 wherein both the digital data and the time data are subsequently 

1 authenticated. 

1 35. The method of claim 34, further comprising the 

2 steps of: 

3 transmitting the hash and signature to a third 

4 party for performance of the providing, concatenating, and 

5 " encrypting steps; and 

6 receiving the time stamp from the third party 

7 prior to the inserting step. 

1 35, The method of claim 35, wherein the trusted third 

2 party resides at an internet address and the transmitting and 

3 receiving steps are done through the internet. 

1 37. The method of claim 34, wherein the time stamp is 

2 provided by a semiconductor chip having a tamper resistant clock 

3 and a tamper resistant time stamping circuit, wherein the clock 

4 outputs the time data which together with the digital signature 

5 is signed by the circuit to output the time stamp. 

1 38. The method of claim 4, further comprising the 

2 steps of: 

3 storing an identifier in a memory corresponding to 

4 each of at least one user of a device which creates the digital 

5 data; 
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6 recognizing a user of the device whose identifier is stored in 

7 the memory; and 

8 outputting the identifier corresponding to the 

9 recognized user from the memory to be inserted as the associated 
10 data. 

1 39. The method of claim 38, further comprising the 

2 steps of storing a private key for signing the digital data in 

3 the memory corresponding to each user and using the private key 

4 for signing the digital data. 

,,^1 40. The method of claim 38, wherein the recognizing 

step is accomplished by a fingerprint recognition system. 

Jl 41. The method of claim 38, wherein the identifier is 

2 a name of the recognized user. 

^; 1 42. A method for authenticating digital data having an 

£2 embedded digital signature in predetermined bits of the digital 

^^i3 data, the method comprising the steps of: 

^04 extracting the digital signature from the 

5 predetermined bits; 

6 decrypting the digital signature from the digital 

7 data resulting in a first hash; 

8 applying a one-way hashing function used by an 

9 encoder of the digital data to the digital data excluding the 
10 predetermined bits resulting in a second hash; and 
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ll comparing the first hash to the second hash 

12 wherein if the first hash matches the second hash the digital 

13 data is authentic. 

1 43, The method of claim 42, wherein the digital data 

2 is selected from a group consisting of image data, video data, 

3 and audio data. 

1 44. The method of claim 42, wherein the digital data 

2 further comprises associated data inserted into known bits of the 

3 digital data, wherein the method authenticates both the 

4 associated data as well as the digital data. 

Si 45. The method of claim 44, wherein the associated 

J 2 data is inserted into the bits of the digital data excluding the 

3 predetermined bits. 

ml 46. The method of claim 44, wherein the digital data 

L 2 is compressed using a compression standard resulting in a 

£ 3 compressed file and wherein the digital signature and associated 

!i: 4 data are contained in a header in the compressed file, wherein 

:;n 5 the method further comprises the steps of: 

6 decompressing the compressed file; and 

7 replacing the signature and associated data from 

8 the header into the predetermined bits and the known bits, 

9 respectively, prior to the extracting step. 

1 47, An encoder for inserting a digital signature into 

2 digital data, the digital data comprising bits, the encoder 

3 comprising: 
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4 means for assigning predetermined bits of the 

5 digital data for receiving the digital signature; 

6 means for signing the digital data excluding the 

7 predetermined bits resulting in the digital signature; and 

8 means for inserting the digital signature into the 

9 predetermined bits of the digital data for subsequent 

0 authentication of the digital data. 

1 48. The encoder of claim 47, wherein the means for 

2 signing comprises: 

3 means for applying a one-way hashing function to 

4 the digital data excluding said predetermined bits resulting in a 

5 hash; and 

6 encrypting the hash. 

1 49. The encoder of claim 47, wherein the digital data 

2 is selected from a group consisting of image data, video data, 

3 and audio data. 

1 50. The encoder of claim 47, further comprising means 

2 for inserting associated data into the digital data prior to 

3 signing the digital data such that the encoder authenticates both 

4 the associated data as well as the digital data. 

1 51. The encoder of claim 50, wherein the associated 

2 data is inserted into the bits of the digital data excluding the 

3 predetermined bits. 

1 52. The encoder of claim 50, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 
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3 defined by a plurality of the bits, from a most significant bit 

4 to a least significant bit, all of the least significant bits 

5 defining the plurality of samples comprising a least significant 

6 bit plane, wherein the predetermined bits comprise at least a 

7 portion of the least significant bit plane. 

1 53, The encoder of claim 52, wherein the digital data 

2 is an image and each sample is an image pixel. 

1 54. The encoder of claim 52, wherein the digital data 

2 is video and each sample is a spatial temporal sample. 

,^1 55. The encoder of claim 52, wherein the digital data 

ifl2 is audio and each sample is a time sample. 

?1 56. The encoder of claim 52, wherein the associated 

;^2 data is inserted into at least a portion of the remaining least 

J 3 significant bits in the least significant bit plane. 

Jl 57. The encoder of claim 50, wherein the digital data 

^2 is an image comprising a plurality of samples, each of the 

33 samples being defined by a plurality of the bits, further 

^^4 comprising means for transforming the plurality of bits into an 

5 alternative representation having at least first and second 

6 characteristic components, wherein the predetermined bits 

7 comprise the first characteristic component. 

1 58. The encoder of claim 57, wherein the digital data 

2 is an image and each sample is an image pixel. 

1 59. The encoder of claim 57, wherein the digital data 

2 is video and each sample is a spatial temporal sample. 
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1 60, The encoder of claim 57, wherein the digital data 

2 is audio and each sample is a time sample. 

1 61. The encoder of claim 57, wherein the associated 

2 data is inserted into at least a portion of second characteristic 

3 component . 

1 62. The encoder of claim 61, wherein the alternative 

2 representation is a frequency domain representation having high 

3 and low frequency components, wherein the first characteristic 

4 component is a portion of the high frequency component and the 

5 second characteristic component is the remaining high frequency 
C6 component and the low frequency component. 

63. The encoder of claim 50, wherein at least a 

^2 portion of the associated data comprises data identifying a 

m3 public key needed to decrypt the digital signature. 

Li 64. The encoder of claim 50, wherein the associated 

f 2 data comprises data identifying a source of the digital data. 

Si 65. The encoder of claim 50, wherein the associated 

*2 data comprises data identifying the identity of an owner of the 

3 digital data. 

1 66. The encoder of claim 55, wherein the digital data 

2 is an image and the associated data comprises data identifying a 

3 photographer of the image. 

1 67. The encoder of claim 50, wherein a portion of the 

2 associated data is encrypted and a remaining portion of the 

3 associated data is unencrypted. 
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1 68* The encoder of claim 50, wherein the associated 

2 data comprises at least two fields. 

1 69. The encoder of claim 68, wherein at least one of 

2 the fields comprises data identifying a public key needed to 

3 decrypt the digital signature. 

1 70. The encoder of claim 69, wherein at least one 

2 other field comprises data identifying the owner of the public 

3 key. 

1 71. The encoder of claim 65, further comprising means 

□2 for receiving the associated data from an external source. 

72. The encoder of claim 71, wherein the external 

p2 source is a Global Positioning Satellite transmission. 



Ill 73. The encoder of claim 47, wherein the digital data 

1,^2 is compressed using a compression standard resulting in a 

p3 compressed file, wherein the encoder further comprises: 

p4 means for creating a decompressed file prior to 

^^5 signing the digital data; 

6 means for signing the decompressed file resulting 

7 in the digital signature; and 

8 means for inserting the digital signature into a 

9 header in the compressed file instead of inserting the same into 
10 the digital data. 

1 74. The encoder of claim 73, wherein the digital data 

2 is an image and the compression standard is JPEG, 
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1 75. The encoder of claim 73, wherein the digital data 

2 Is video and the compression standard Is MPEG. 

1 76. The encoder of claim 50, wherein the digital data 

2 Is compressed using a compression standard resulting In a 

3 compressed file, wherein the encoder further comprises: 

4 means for creating a decompressed file prior to 

5 signing the digital data; 

6 means for Inserting the associated data Into the 

7 decompressed file; 

3 8 means for signing the decompressed file with the 

9 associated data Inserted therein resulting In the digital 

„p.O signature; and 

means for Inserting the digital signature and 

tl2 associated data into a header in the compressed file instead of 

|i3 Inserting the same into the digital data. 

I 77. The encoder of claim 76, wherein the digital data 

^0 2 is an image and the compression standard is JPEG. 

1 78. The encoder of claim 76, wherein the digital data 

2 is video and the compression standard is MPEG. 

1 79. The encoder of claim 50, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 

3 defined by a plurality of the bits, from a most significant bit 

4 to a least significant bit, all of the least significant bits 

5 defining the plurality of samples comprising a least significant 

6 bit plane, wherein the encoder further comprises: 
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7 means for ignoring at least a portion of the least 

8 significant bit plane in the digital data; 

9 means for concatenating the associated data to the 

10 digital data having the ignored least significant bit plane prior 

11 to signing the digital data; 

12 means for signing the digital data having the 

13 concatenated associated data resulting in the digital signature; 

14 wherein the predetermined bits comprise at least a 

15 portion of the least significant bit plane and the associated 
r45 data is inserted into at least a portion of the remaining least 
%1 significant bits in the least significant bit plane. 

.pi 80. The encoder of claim 50, further comprising: 

g: 2 means for providing time data identifying the time 

L3 the digital data was created; 

Tl' 4 means for concatenating the hash and the time 

^ 5 data; 

6 means for applying a one-way hashing function to 

7 the concatenated hash and time data resulting in a second hash; 

8 and 

9 means for encrypting the second hash instead of 

10 the first hash to result in a time stamp containing the digital 

11 signature, wherein both the digital data and the time data are 

12 subsequently authenticated. 



1 
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81. The encoder of claim 80, further comprising: 



2 means for transmitting the hash to a third party 

3 for providing the time stamp and concatenating the hash and time 

4 stamp; and 

5 means for receiving the second hash from the third 

6 party prior to encryption. 

1 82. The encoder of claim 81, wherein the trusted third 

2 party resides at an internet address and the means for 

3 transmitting and receiving is a computer capable of accessing the 
q4 internet and receiving the transmitted second hash, 

J^l 83. The encoder of claim 80, further comprising a 

^=P2 semiconductor chip having a tamper resistant clock and a tamper 

resistant time stamping circuit, wherein the clock outputs the 

P4 time data which together with the digital signature is signed by 

^-^.5 the circuit to output the time stamp. 

84. The encoder of claim 50, further comprising: 

■^2 a memory for storing an identifier corresponding 

3 to each of at least one user of a device which creates the 

4 digital data; 

5 recognition means for recognizing a user of the 

6 device whose identifier is stored in the memory; and 

7 output means for outputting the identifier 

8 corresponding to the recognized user from the memory to be 

9 inserted as the associated data. 
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1 85. The encoder of claim 84, wherein a private key for 

2 signing the digital data is also stored in memory corresponding 

3 to each user, wherein the identifier is inserted as associated 

4 data and the private key is used to sign the digital data. 

1 86, The encoder of claim 84, wherein the recognition 

2 means is a fingerprint recognition system. 

1 87. The encoder of claim 86, wherein the identifier is 

2 a name of the recognized user. 

1 88. A decoder for authenticating digital data having 

,^^2 an embedded digital signature in predetermined bits of the 

^13 3 digital data, the decoder comprising: 

,5 4 means for extracting the digital signature from 

5 the predetermined bits; 

5 means for decrypting the signature from the 

£7 digital data resulting in a first hash; 

8 means for applying a one-way hashing function to 

0 9 the digital data excluding the predetermined bits resulting in a 

10 second hash; and 

11 means for comparing the first hash to the second 

12 hash wherein if the first hash matches the second hash the 

13 digital data is authentic. 

1 89. The decoder of claim 88, wherein the digital data 

2 is selected from a group consisting of image data, video data, 

3 and audio data. 
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1 90, The decoder of claim 88, wherein the digital data 

2 further comprises associated data inserted into known bits of the 

3 digital data wherein the decoder authenticates both the 

4 associated data as well as the digital data. 

1 91. The decoder of claim 90, wherein the associated 

2 data is inserted into the bits of the digital data excluding the 

3 predetermined bits. 

1 92. The decoder of claim 90, wherein the digital data 

2 is compressed using a compression standard resulting in a 

3 compressed file and wherein the digital signature is contained in 
3 4 a header in the compressed file, wherein the decoder further 

?t 5 comprises: 

Pg means for decompressing the compressed file; and 

p 7 means for replacing the signature from the header 

Ub into the predetermined bits, prior to extracting the digital 

p9 signature from the predetermined bits. 

0 1 93. The decoder of claim 90, wherein the digital data 

2 is compressed using a compression standard resulting in a 

3 compressed file and wherein the digital signature and associated 

4 data are contained in a header in the compressed file, wherein 

5 the decoder further comprises: 

5 means for decompressing the compressed file; and 

7 means for replacing the signature and associated 

8 data from the header into the predetermined bits and the known 

9 bits, respectively, prior to extracting the digital signature 
10 from the predetermined bits. 
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1 94. A method for inserting data into digital data for 

2 subsequent authentication of the digital data, the method 

3 comprising the steps of: 

4 receiving data from an external source; 

5 inserting the data into the digital data; and 

6 authenticating the digital data. 

1 95. The method of claim 94, wherein the external 

2 source is a radio frequency transmission. 

1 96. The method of claim 94, wherein the external 

2 source is an internet link. 

1 97. The method of claim 94, wherein the inserted data 

2 is used for authenticating information associated with the 

3 digital data. 

1 98. A device for inserting data into a digital data 

2 for subsequent authentication of the digital data, the device 

3 comprising: 

4 means for receiving data from an external source; 

5 means for inserting the data into the digital 

6 image; and 

7 means for authenticating the digital data. 

1 99. The device of claim 98, wherein the external 

2 source is a radio frequency transmission and the means for 

3 receiving the data comprises an antenna. 
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1 100, The device of claim 98, wherein the external 

2- source is an internet link and the means for receiving the data 

3 comprises a computer capable of accessing the internet and 

4 receiving the data. 

1 101. The device of claim 98, wherein the inserted data 

2 is used for authenticating information associated with the 

3 digital data. 

1 102. The device of claim 98, wherein the device is a 

2 digital image generation device and the digital data represents 

3 an image. 

=fl 1 103. The device of claim 102, wherein the image 

2 generation device is selected from a group consisting of a 

f 3 digital camera, a digital video camera, and a digital scanner. 

mi 104. A method for inserting time data into digital data 

L 2 for subsequent authentication of both the time data and the 

£ 3 digital .data, the method comprising the steps of: 

."S 4 providing a semiconductor chip having a tamper 

5 resistant clock and a time stamping circuit; 

6 outputting the digital signature and time data 

7 from the clock to the time stamping circuit; 

8 signing the time data and the digital signature 

9 resulting in a time stamp; and 

10 authenticating the digital data and the time data. 
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1 105, A device for inserting time data into digital data 

2 for subsequent authentication of both the time data and the 

3 digital data, the device comprising: 

4 a semiconductor chip having a tamper resistant 

5 clock and a tamper resistant stamping circuit; 

6 means for outputting the digital signature and 

7 time data from the clock to the time stamping circuit; and 

8 means for signing the time data and the digital 

9 signature resulting in a time stamp. 

1 106. The device of claim 105, wherein the device is a 

2 digital image generation device and the digital data represents 

3 an image . 

1 107. The device of claim 106, wherein the image 

2 generation device is selected from a group consisting of a 

3 digital camera, a digital video camera, and a digital scanner. 

1 108. A method for inserting data into digital data, the 

2 device comprising: 

3 storing an identifier corresponding to each of at 

4 least one user of a device which creates the digital data; 

5 recognizing a user of the device whose identifier 

6 is stored in the memory; 

.7 outputting the identifier corresponding to the 

8 recognized user from the memory; and 
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9 inserting data corresponding to the identifier 

0 into the digital data, 

1 109. The method of claim 108, wherein the inserted data 

2 is used for authenticating the digital data. 

1 110. The method of claim 108, wherein the inserted data 

2 is used for authenticating information associated with the 

3 digital data. 

1 111. The method of claim 108, wherein the identifier is 

2 a name of the recognized user. 

1 112. A device for inserting data into digital data, the 

2 device comprising: 

3 a memory for storing an identifier corresponding 

4 to each of at least one user of the device; 

5 recognition means for recognizing a user of the 

6 device whose identifier is stored in the memory; 

7 means for outputting the identifier corresponding 

8 to the recognized user from the memory; and 

9 means for inserting data corresponding to the 

0 identifier into the digital data. 

1 113. The device of claim 112, wherein a private key for 

2 signing the digital data is also stored in memory corresponding 

3 to each user, wherein the identifier is inserted into the digital 

4 data and the private key is used to subsequently sign the digital 

5 data. 
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1 114, The device of claim 112/ wherein the recognition 

2 means is a fingerprint recognition means, 

1 115. The device of claim 112, wherein the device is a 

2 digital image generation device and the digital data represents 

3 an image . 

1 116. The device of claim 112, wherein the image 

2 generation device is selected from a group consisting of a 

3 digital camera, a digital video camera, and a digital scanner. 
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ABSTRACT OF THE DISCLOSURE 

A method for inserting a digital signature into digital 
data is provided. The digital data has bits and the method 
includes the steps of: assigning predetermined bits of the 
5 digital data for receiving the digital signature; signing the 
digital data excluding the predetermined bits resulting in the 
digital signature; and inserting the digital signature into the 
predetermined bits of the digital data for subsequent 
authentication of the digital data. Also provided is a method 

10 for authenticating digital data having the embedded digital 

signature in the predetermined bits of the digital data including 
the steps of: extracting the digital signature from the 
predetermined bits; decrypting the digital signature from the 
digital data resulting in a first hash; applying a known one-way 

15 hashing function used by an encoder of the digital data to the 
digital data excluding the predetermined bits resulting in a 
second hash; and comparing the first hash to the second hash 
wherein if the first hash matches the second hash the digital 
data is authentic. In a preferred version of the methods of the 

20 present invention, the method further includes the step of 

inserting associated data into the digital data prior to the 
signing step such that the digital signature authenticates both 
the associated data as well as the digital data. Preferably, the 
associated data is inserted into the bits of the digital data 
excluding the predetermined bits. 




16\ 




flG, IB 





PL ID 




1 




IS 






Ml 



I 



1 



^50 



23 Z 



2 3^ 




\0O J WOT 



2^0 




T 





CLOCK 





RpR-20-1999 1^'32 FROM SCULLY SCOTT 
i^Apioc^d man UXV^\ NO. 



TO 



916097340768 



P. 05 

Pago 1 of 4 



Docket No. 

12558 (SGNA 10X4) 



Declaration and Power of Attorney For Patent Application 

English Language Declaration 

As a below named Inventor, I hereby declare that; 

My residence, post office address and citizenship are as stated below next to my name, 

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, 
first and joint inventor {if plural names are listed below) of the subject matter which is claimed and for 
which a patent Is sought on the Invention entitled 

METHOD ANTO DEVICE FOR INSERTING AND AITTHENTICATING A DIGITAL SIGNATURE JN 
DIGITAL DATA 

the specification of which 

(check one) 

a is attached hereto, 
□ was filed on 



as United States Application No. or POT International 



Application Number 



and was amended on 



(if applicable) 



1 hereby state that I have reviewed and understand the contents of the above identified specification, 
including tho claims, as amended by any amendment referred to above. 

1 acknowledge the duty to disclose to the United States Patent and Trademark Office all information 
Known to me to be material to patentability as defined in Title 37, Code of Federal Regulations. 
Section 1.56, 

I hereby claim foreign priority benefits under Title 35, United Slates Code. Section I19(a)-(d) or 
Section 385(b) of any foreign appllcatlon(s) for patent or inventor's certificate, or Section 365(a) of 
any PCT International application which designated at least one country other than the United States, 
listed below and have also identified below, by checking the box, any foreign application for patent or 
Inventor's certificate or POT International application having a filing dale before thai of the application 
on which priority is claimed. 



Prior Foreign Applioation(s) 



(Number) 



(Country) 



(Number) 



(Country) 



(Number) 



(Country) 



(Day/MonthA^e^r Filed) 



(Day/MonihA'ear Fifed) 



(Day/Month/Year Filed) 



Priority Not Claimed 

□ 

□ 
□ 



A -7 * \I 3V 



1 m 


mm 


' flPR-20-1999 14:33 FROM 


SCULLY 5C0TT TO 


1 hereby claim the benefit 


under 35 U.S.C. Secllon 119(e) 


applicatlon(s) listed below: 




(Application Serial No.) 


(Filing Dale) 


(Application Serial No.) 


(Filing Date) 



9160973^0738 P. 06 

Pago 2 Of 4 



(Application Serial No.) 



(Filing Date) 



I hereby claim the benefit under 35 U. S. C, Section 120 of any United, Slates application(s), or 
Section 365(c) of any PCT International application designating the United States, listed below and, 
insofar as the subject matter of each of the claims of this application is not disclosed In the prior 
United States or PCT International application in the manner provided by the first paragraph of 35 
U.S.C. Section 112, I acknowledge the duty to disclose to the United States Patent and Trademark 
OtflcB all information known to me to be material to patentability as defined in Title 37, C. F. R., 
Section 1.56 which became available between the filing date of the prior application and the national 
or PCT International filing date of this application: 



(Application Serial No,) 


(Filing Date) 


(Status) 

(patented, pending, abandoned) 


(Applicttlon Serial No.) 


(Filing Date) 


(Status) 

(patented, pending, abandoned) 


(Application Serial No.) 


(Filing Date) 


(Status) 

(patented, pending, abandoned) 



I hereby declare that all statements made herein of my own knowledge are true and that all 
statements made on information and belief are believed to be true; and further that these statements 
were made with the knowledge that willful false statements and the like so made are punishable by 
fine or Imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such 
willful false statements may jeopardize the validity of the application or any patent issued thereon. 



9160973'3078B P. 07 

Page 3 of 4 

POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorney(3) and/or 
ag?nt(s) lo prosecute this application and transact all business in the Patent and Trademark Office 
connected therewith, (list ngme and registration number) 

Stephen D- Muirphy> Reg, No.: 22,002 Paul J. Eaatto, JUg. No.r 30,749 

WaUam C. Roch, Reg. No.: 24,972 Mark J. Cohen, Reg. No,: 32,211 

Frank S. DtGigUo, Reg. No.; 31,346 Bonild T, BbcU, Reg, No/. 27,999 

Philip J. Fftlg, Reg. No.; 17,328 Andrew G. Isrtwin, Reg. No.: 40,028 



PPR-20-1S9S 14:33 FROM SCULLY SCOTT 



TO 



Send Correspondence lo: 

Scully, Scott, Murphy & Prcsstr 
40D Gvrdea City FlNZft 
Gnrdcn City, New York 11530 



Direct Telephone Calls to: (name and telephone number) 
Vm\ J. Esitto, Jn (316)7424343 



l^uli name or sole or iir^ inventor 

Ingen tr J.Co:g ' ^ 

L»wrcncevill«, N«w Jersey 08648 - 



~CH*tcn»hip 
USA 



21 Lt Pure Drive 



UwrenceviUe, Ntw Jferjey 08648 



"l^uil name 0* itoond inventor, it any 

Mttthew L. Miller 




Priocetoni New Jerny 08S40 

USA ^ 

"PoaiOtfic* Add^m 
12 Qu>rry Stmt, Apt. 2 



Princtlou, Ntw Jersey 08540 



ppR_20-l999 14:34 FROM SCULLY SCOTT 



TO 



91 609734 07G8 P. 08 

Pa0^4ot 4 



Full name of third inventor, if any" 
DoUf^S P. Riyner 



Third Invf ntoV$ ei^nature 



Sad Fraadsco^ Ctliforoia 



Date 



VSA 



PoatOftioe Address 
74 Dliimoad Street 



SiQ Fraaclsco, CaUfbrala 94114 



Full nanrm of fou4h inventor^ if any 



fourth invtntof'* signature 



R«aidono« 
CIttztnahIp 



Dato 



Post Office AMre^t 



Full nann9 oflitth invtntor. any 



(■ Fifth inventor's alflnature 



Rwidenoa 



Date 



i Fott Office Address 



full ntmi of aixth inventor, n any 



Sixth invf ntof'a elgnature 



Date 



eaidanoe 



Ci({i«n»hip ~ 
"Poei Ohfoe Addftas 



•^0Pr7TCi;#;A?:i 7c:0T ;;^^^T,n7"vr7V 



04/20/1999 14:07 4155550748 



DQUG RAYNER 



PAGE 01/02 



.nd power o. A«omey For APP'k^O" 




^«^«^o«__ — ^r:^^^ 

inking fts s^a^fnfc » WW*" W "y 

.„^pKa«ytecWa-d. Priority KotOlalm^ 



(Oountty) 



□ 
P 
5 





tOO/ZOO'i £ZLO* 



S3DIJJ0 3AIin03X3 ID3N 



18^2196609 Ql'Ll 666T.02'HdV 



04/20/iggg 14:07 4155G50748 



DOUG RAYNER 



. ... PAGE 02/02 
J20f 4 



I h«r*y 9!i!l.m th? b^ffli » V-^-C- 8«*on 119(a) «ny yni^eci wv^^Jwn) 



(AppiiCfttionSiKWNo.) 









J n$j»^y olfilm Ito d& 0> Sedisn 129 of m Unm Ssa» jWpltoit!on(»). or 

SMUon 3M(o) of any PCT IntBtnjRlqnal 9PS^¥^ <«WJafH«lTO Ih^ Uf^JW tel*^ bojpw §0^, 
insoter as th9 suk^sd mailer of Mch of th« oWnr^s of tnt» cg^a^n Is rM diodoscd in lha pripr 
UrHM States Of FCT. mtvmftltonaf fujpnoalfoit in tho manror prouidtd the flAt pwi^rRph <rf 35 
aB*C« SMfon 1 12^ \ «iooMi«4B* du^ to <flsdoM to the United Statse Patent met T^ademarK 
Otfic««ll InforrmUon known me to Ibe matortai to potentaUly «»d9llnid in TMto 37, 0* F. R. 
Section 1.66 lAdtlehbeoafrnMuWabbfttwont^ cM» of tl^ fMrior i^ppilcidion and &19 rwfenAl 
or fCT (momsdonad flltna deto of thts apptfcaKon: 













(Status) 


(AppllcaftmStrftfNO.) ' 







» nowby declare lhael aS statomeit^ mad^ hcr^n cf rttf own kfio^ac^ art iruo and tt^at aD 
9S«tomaitfa made on {rtbrmation and ballD^ are t)6fiavad to b% true; and Afffhcr that lNN»e staiement» 
irwt imda iMlh ^ kno^nrtedbe that wfifM ^toe $iatom«nri| and tho irko «o made are puntehaob by^ 
fkieoriftv)ritwmm,ortoth,im Uni(od9tiiadQod»«ndtnAt«ioh 
wtUftit falsa atatofiwite miy leoparetoa tto ^idi^ of ^ appMoatidfi or any pe^ent lasuad thareon. 



04/20/1999 13:54 4155550748 DOUG RAYNER PAGE 03 



PON&i OF Krrom^: Ab a named iiwandM', S lief^by the ftrib^nQ attvneyta) andtor* 
QQ9nl(^ to tnwouta ihto appKoatiofi a^tf MftsoBt aS <9M»new «i tha Patani and Tracfoinaik OHJca 

teste PuMlupte^ibi&NQ^;;^:^^ JTAUXKultcvllASI^tSb^^T^f 



joafitetfcfiOiyPiMK 



' miiaiM«/«>l»flrfiiB]iaMBr 




£fij|eiMrJ.Cta 






— m 






twrrwiiwfllt, SutJtrm tKtf 








DBA 















own* «l •Msntiivvntar.ir «rir 







































soo/i?oo'a ieio# 



ie5^?ig6609 69 = 91 666I.0?'^aV 



04/20/1999 13:54 ^il55650748 DOUG RAYNER 

m-^i?^ i^=?8 PROM §gyay wrr tp n^i^^s^'i? 



PAGE 04 



M nanw ol titid invantor, any 





USA 




?4DiiAioiuite«ft 



l<|fth tnygntoft tilDnatbiir 



SUB 



Tsar 



